Skip to main content

Updates address 4 critical and 12 high severity vulnerabilities

Threat ID:CC-4606
Threat Severity:Medium
Published:15 January 2025 2:27 PM

Summary

Updates address 4 critical and 12 high severity vulnerabilities

Affected platforms

The following platforms are known to be affected:

Threat details

Exploitation reported and proof-of-concept exploits are available

On 10 March 2025, the vulnerabilities CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 were added to the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerability Catalog based on evidence of exploitation in the wild. 

A security researcher has released a proof-of-concept (PoC) exploit for CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159.


Introduction

Ivanti has released a security advisory addressing 16 vulnerabilities affecting Endpoint Manager (EPM) products. Ivanti EPM is an all-in-one solution for managing device endpoints within a network.

Four vulnerabilities designated as CVE-2024-10811CVE-2024-13161CVE-2024-13160, and CVE-2024-13159 with a CVSSv3 score of 9.8 could allow an unauthenticated, remote attacker to leak sensitive information via path traversal.

CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 are reported as exploited in the wild and have been added to CISA's Known Exploited Vulnerability Catalog.

The other high severity vulnerabilities leading to remote code execution (RCE), privilege escalation, or denial-of-service (DoS) were also addressed.

Threat updates

  
11 Mar 2025CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 added to CISA's Known Exploited Vulnerabilities Catalog.
20 Feb 2025Cyber Alert updated to cover the release of proof-of-concepts (PoC) for CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159.

Remediation advice

Affected organisations are encouraged to review Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6 and apply the relevant security updates as soon as practicable.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-10811Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
StatusPublished
CVE-2024-13161Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
StatusPublished
CVE-2024-13160Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
StatusPublished
CVE-2024-13159Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
StatusPublished
CVE-2024-13158An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
StatusPublished
CVE-2024-13172Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
StatusPublished
CVE-2024-13171Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.  
StatusPublished
CVE-2024-13170An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
StatusPublished
CVE-2024-13169An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. 
StatusPublished
CVE-2024-13168An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. 
StatusPublished
CVE-2024-13167An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. 
StatusPublished
CVE-2024-13166An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. 
StatusPublished
CVE-2024-13165An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. 
StatusPublished
CVE-2024-13164An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.  
StatusPublished
CVE-2024-13163Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. 
StatusPublished
CVE-2024-13162SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. 

Last edited: 11 March 2025 2:41 pm

Back to top